@mitre/hdf-converters 2.12.6 → 2.13.0
- package/README.md +25 -24
- package/lib/data/converters/csv2json.d.ts +1 -0
- package/lib/data/converters/csv2json.d.ts.map +1 -0
- package/lib/data/converters/csv2json.js +1 -1
- package/lib/data/converters/csv2json.js.map +1 -1
- package/lib/data/converters/xml2json.d.ts +1 -0
- package/lib/data/converters/xml2json.d.ts.map +1 -0
- package/lib/data/converters/xml2json.js +6 -25
- package/lib/data/converters/xml2json.js.map +1 -1
- package/lib/data/reverse-html-mapper/convert-to-embedded-strings.d.ts +2 -0
- package/lib/data/reverse-html-mapper/convert-to-embedded-strings.d.ts.map +1 -0
- package/lib/data/reverse-html-mapper/convert-to-embedded-strings.js +13 -0
- package/lib/data/reverse-html-mapper/convert-to-embedded-strings.js.map +1 -0
- package/lib/index.d.ts +6 -0
- package/lib/index.d.ts.map +1 -0
- package/lib/index.js +23 -8
- package/lib/index.js.map +1 -1
- package/lib/package.json +19 -40
- package/lib/src/anchore-grype-mapper.d.ts +1 -0
- package/lib/src/anchore-grype-mapper.d.ts.map +1 -0
- package/lib/src/anchore-grype-mapper.js +7 -1
- package/lib/src/anchore-grype-mapper.js.map +1 -1
- package/lib/src/asff-mapper/asff-mapper.d.ts +1 -0
- package/lib/src/asff-mapper/asff-mapper.d.ts.map +1 -0
- package/lib/src/asff-mapper/asff-mapper.js +274 -237
- package/lib/src/asff-mapper/asff-mapper.js.map +1 -1
- package/lib/src/asff-mapper/case-cms-inspec.d.ts +1 -0
- package/lib/src/asff-mapper/case-cms-inspec.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-cms-inspec.js +18 -9
- package/lib/src/asff-mapper/case-cms-inspec.js.map +1 -1
- package/lib/src/asff-mapper/case-firewall-manager.d.ts +1 -0
- package/lib/src/asff-mapper/case-firewall-manager.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-firewall-manager.js +18 -9
- package/lib/src/asff-mapper/case-firewall-manager.js.map +1 -1
- package/lib/src/asff-mapper/case-guardduty.d.ts +1 -0
- package/lib/src/asff-mapper/case-guardduty.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-guardduty.js +18 -9
- package/lib/src/asff-mapper/case-guardduty.js.map +1 -1
- package/lib/src/asff-mapper/case-inspector.d.ts +1 -0
- package/lib/src/asff-mapper/case-inspector.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-inspector.js +18 -9
- package/lib/src/asff-mapper/case-inspector.js.map +1 -1
- package/lib/src/asff-mapper/case-previously-hdf.d.ts +1 -0
- package/lib/src/asff-mapper/case-previously-hdf.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-previously-hdf.js +21 -10
- package/lib/src/asff-mapper/case-previously-hdf.js.map +1 -1
- package/lib/src/asff-mapper/case-prowler.d.ts +1 -0
- package/lib/src/asff-mapper/case-prowler.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-prowler.js +19 -9
- package/lib/src/asff-mapper/case-prowler.js.map +1 -1
- package/lib/src/asff-mapper/case-security-hub.d.ts +1 -0
- package/lib/src/asff-mapper/case-security-hub.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-security-hub.js +24 -9
- package/lib/src/asff-mapper/case-security-hub.js.map +1 -1
- package/lib/src/asff-mapper/case-trivy.d.ts +1 -0
- package/lib/src/asff-mapper/case-trivy.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-trivy.js +18 -9
- package/lib/src/asff-mapper/case-trivy.js.map +1 -1
- package/lib/src/aws-config-mapper.d.ts +1 -0
- package/lib/src/aws-config-mapper.d.ts.map +1 -0
- package/lib/src/aws-config-mapper.js +29 -7
- package/lib/src/aws-config-mapper.js.map +1 -1
- package/lib/src/base-converter.d.ts +2 -1
- package/lib/src/base-converter.d.ts.map +1 -0
- package/lib/src/base-converter.js +46 -26
- package/lib/src/base-converter.js.map +1 -1
- package/lib/src/burpsuite-mapper.d.ts +7 -0
- package/lib/src/burpsuite-mapper.d.ts.map +1 -0
- package/lib/src/burpsuite-mapper.js +115 -88
- package/lib/src/burpsuite-mapper.js.map +1 -1
- package/lib/src/checkov-mapper.d.ts +67 -0
- package/lib/src/checkov-mapper.d.ts.map +1 -0
- package/lib/src/checkov-mapper.js +240 -0
- package/lib/src/checkov-mapper.js.map +1 -0
- package/lib/src/ckl-mapper/checklist-jsonix-converter.d.ts +17 -0
- package/lib/src/ckl-mapper/checklist-jsonix-converter.d.ts.map +1 -0
- package/lib/src/ckl-mapper/checklist-jsonix-converter.js +38 -4
- package/lib/src/ckl-mapper/checklist-jsonix-converter.js.map +1 -1
- package/lib/src/ckl-mapper/checklist-mapper.d.ts +35 -0
- package/lib/src/ckl-mapper/checklist-mapper.d.ts.map +1 -0
- package/lib/src/ckl-mapper/checklist-mapper.js +262 -151
- package/lib/src/ckl-mapper/checklist-mapper.js.map +1 -1
- package/lib/src/ckl-mapper/checklist-metadata-utils.d.ts +1 -0
- package/lib/src/ckl-mapper/checklist-metadata-utils.d.ts.map +1 -0
- package/lib/src/ckl-mapper/checklist-metadata-utils.js +32 -15
- package/lib/src/ckl-mapper/checklist-metadata-utils.js.map +1 -1
- package/lib/src/ckl-mapper/checklistJsonix.d.ts +6 -0
- package/lib/src/ckl-mapper/checklistJsonix.d.ts.map +1 -0
- package/lib/src/ckl-mapper/checklistJsonix.js +8 -8
- package/lib/src/ckl-mapper/checklistJsonix.js.map +1 -1
- package/lib/src/ckl-mapper/jsonixMapping.d.ts +5 -0
- package/lib/src/ckl-mapper/jsonixMapping.d.ts.map +1 -0
- package/lib/src/ckl-mapper/jsonixMapping.js +4 -0
- package/lib/src/ckl-mapper/jsonixMapping.js.map +1 -1
- package/lib/src/converters-from-hdf/asff/asff-types.d.ts +1 -0
- package/lib/src/converters-from-hdf/asff/asff-types.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/asff/asff-types.js +1 -0
- package/lib/src/converters-from-hdf/asff/asff-types.js.map +1 -1
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.d.ts +1 -0
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.js +110 -84
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/asff/transformers.d.ts +1 -0
- package/lib/src/converters-from-hdf/asff/transformers.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/asff/transformers.js +68 -38
- package/lib/src/converters-from-hdf/asff/transformers.js.map +1 -1
- package/lib/src/converters-from-hdf/caat/reverse-caat-mapper.d.ts +1 -0
- package/lib/src/converters-from-hdf/caat/reverse-caat-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/caat/reverse-caat-mapper.js +54 -28
- package/lib/src/converters-from-hdf/caat/reverse-caat-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/html/embedded-assets.d.ts +4 -0
- package/lib/src/converters-from-hdf/html/embedded-assets.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/html/embedded-assets.js +8 -0
- package/lib/src/converters-from-hdf/html/embedded-assets.js.map +1 -0
- package/lib/src/converters-from-hdf/html/html-types.d.ts +1 -0
- package/lib/src/converters-from-hdf/html/html-types.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/html/html-types.js +1 -0
- package/lib/src/converters-from-hdf/html/html-types.js.map +1 -1
- package/lib/src/converters-from-hdf/html/reverse-html-mapper.d.ts +3 -2
- package/lib/src/converters-from-hdf/html/reverse-html-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/html/reverse-html-mapper.js +151 -107
- package/lib/src/converters-from-hdf/html/reverse-html-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/reverse-any-base-converter.d.ts +1 -0
- package/lib/src/converters-from-hdf/reverse-any-base-converter.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/reverse-any-base-converter.js +3 -0
- package/lib/src/converters-from-hdf/reverse-any-base-converter.js.map +1 -1
- package/lib/src/converters-from-hdf/reverse-base-converter.d.ts +1 -0
- package/lib/src/converters-from-hdf/reverse-base-converter.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/reverse-base-converter.js +29 -9
- package/lib/src/converters-from-hdf/reverse-base-converter.js.map +1 -1
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.d.ts +1 -0
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.js +39 -14
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/xccdf/reverse-xccdf-mapper.d.ts +1 -0
- package/lib/src/converters-from-hdf/xccdf/reverse-xccdf-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/xccdf/reverse-xccdf-mapper.js +32 -10
- package/lib/src/converters-from-hdf/xccdf/reverse-xccdf-mapper.js.map +1 -1
- package/lib/src/conveyor-mapper.d.ts +1 -0
- package/lib/src/conveyor-mapper.d.ts.map +1 -0
- package/lib/src/conveyor-mapper.js +85 -40
- package/lib/src/conveyor-mapper.js.map +1 -1
- package/lib/src/cyclonedx-sbom-mapper.d.ts +1 -0
- package/lib/src/cyclonedx-sbom-mapper.d.ts.map +1 -0
- package/lib/src/cyclonedx-sbom-mapper.js +368 -294
- package/lib/src/cyclonedx-sbom-mapper.js.map +1 -1
- package/lib/src/dbprotect-mapper.d.ts +1 -0
- package/lib/src/dbprotect-mapper.d.ts.map +1 -0
- package/lib/src/dbprotect-mapper.js +74 -63
- package/lib/src/dbprotect-mapper.js.map +1 -1
- package/lib/src/dependency-track-mapper.d.ts +1 -0
- package/lib/src/dependency-track-mapper.d.ts.map +1 -0
- package/lib/src/dependency-track-mapper.js +144 -130
- package/lib/src/dependency-track-mapper.js.map +1 -1
- package/lib/src/fortify-mapper.d.ts +7 -0
- package/lib/src/fortify-mapper.d.ts.map +1 -0
- package/lib/src/fortify-mapper.js +118 -92
- package/lib/src/fortify-mapper.js.map +1 -1
- package/lib/src/gosec-mapper.d.ts +1 -0
- package/lib/src/gosec-mapper.d.ts.map +1 -0
- package/lib/src/gosec-mapper.js +90 -72
- package/lib/src/gosec-mapper.js.map +1 -1
- package/lib/src/ionchannel-mapper.d.ts +1 -0
- package/lib/src/ionchannel-mapper.d.ts.map +1 -0
- package/lib/src/ionchannel-mapper.js +130 -110
- package/lib/src/ionchannel-mapper.js.map +1 -1
- package/lib/src/jfrog-xray-mapper.d.ts +1 -0
- package/lib/src/jfrog-xray-mapper.d.ts.map +1 -0
- package/lib/src/jfrog-xray-mapper.js +92 -78
- package/lib/src/jfrog-xray-mapper.js.map +1 -1
- package/lib/src/jsonix-converter.d.ts +1 -0
- package/lib/src/jsonix-converter.d.ts.map +1 -0
- package/lib/src/jsonix-converter.js +1 -0
- package/lib/src/jsonix-converter.js.map +1 -1
- package/lib/src/jsonix-intermediate-converter.d.ts +1 -0
- package/lib/src/jsonix-intermediate-converter.d.ts.map +1 -0
- package/lib/src/jsonix-intermediate-converter.js.map +1 -1
- package/lib/src/mappings/AwsConfigMapping.d.ts +1 -0
- package/lib/src/mappings/AwsConfigMapping.d.ts.map +1 -0
- package/lib/src/mappings/AwsConfigMapping.js +19 -9
- package/lib/src/mappings/AwsConfigMapping.js.map +1 -1
- package/lib/src/mappings/AwsConfigMappingData.d.ts +1 -0
- package/lib/src/mappings/AwsConfigMappingData.d.ts.map +1 -0
- package/lib/src/mappings/AwsConfigMappingData.js.map +1 -1
- package/lib/src/mappings/CciNistMapping.d.ts +1 -0
- package/lib/src/mappings/CciNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/CciNistMapping.js +4 -0
- package/lib/src/mappings/CciNistMapping.js.map +1 -1
- package/lib/src/mappings/CciNistMappingData.d.ts +1 -0
- package/lib/src/mappings/CciNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/CciNistMappingData.js.map +1 -1
- package/lib/src/mappings/CciNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/CciNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/CciNistMappingItem.js +2 -0
- package/lib/src/mappings/CciNistMappingItem.js.map +1 -1
- package/lib/src/mappings/CheckovToCciAndNistMappingData.d.ts +5 -0
- package/lib/src/mappings/CheckovToCciAndNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/CheckovToCciAndNistMappingData.js +2695 -0
- package/lib/src/mappings/CheckovToCciAndNistMappingData.js.map +1 -0
- package/lib/src/mappings/CweNistMapping.d.ts +1 -0
- package/lib/src/mappings/CweNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/CweNistMapping.js +1 -0
- package/lib/src/mappings/CweNistMapping.js.map +1 -1
- package/lib/src/mappings/CweNistMappingData.d.ts +1 -0
- package/lib/src/mappings/CweNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/CweNistMappingData.js.map +1 -1
- package/lib/src/mappings/CweNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/CweNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/CweNistMappingItem.js +5 -0
- package/lib/src/mappings/CweNistMappingItem.js.map +1 -1
- package/lib/src/mappings/NessusPluginNistMappingData.d.ts +1 -0
- package/lib/src/mappings/NessusPluginNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/NessusPluginNistMappingData.js.map +1 -1
- package/lib/src/mappings/NessusPluginsNistMapping.d.ts +1 -0
- package/lib/src/mappings/NessusPluginsNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/NessusPluginsNistMapping.js +1 -0
- package/lib/src/mappings/NessusPluginsNistMapping.js.map +1 -1
- package/lib/src/mappings/NessusPluginsNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.js +4 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.js.map +1 -1
- package/lib/src/mappings/NiktoNistMapping.d.ts +1 -0
- package/lib/src/mappings/NiktoNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/NiktoNistMapping.js.map +1 -1
- package/lib/src/mappings/NiktoNistMappingData.d.ts +1 -0
- package/lib/src/mappings/NiktoNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/NiktoNistMappingData.js.map +1 -1
- package/lib/src/mappings/NiktoNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/NiktoNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/NiktoNistMappingItem.js +4 -0
- package/lib/src/mappings/NiktoNistMappingItem.js.map +1 -1
- package/lib/src/mappings/NistCciMappingData.d.ts +1 -0
- package/lib/src/mappings/NistCciMappingData.d.ts.map +1 -0
- package/lib/src/mappings/NistCciMappingData.js.map +1 -1
- package/lib/src/mappings/OwaspNistMapping.d.ts +1 -0
- package/lib/src/mappings/OwaspNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/OwaspNistMapping.js +18 -7
- package/lib/src/mappings/OwaspNistMapping.js.map +1 -1
- package/lib/src/mappings/OwaspNistMappingData.d.ts +1 -0
- package/lib/src/mappings/OwaspNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/OwaspNistMappingData.js.map +1 -1
- package/lib/src/mappings/OwaspNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/OwaspNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/OwaspNistMappingItem.js +5 -0
- package/lib/src/mappings/OwaspNistMappingItem.js.map +1 -1
- package/lib/src/mappings/ScoutsuiteNistMapping.d.ts +1 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.js +1 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.js.map +1 -1
- package/lib/src/mappings/ScoutsuiteNistMappingData.d.ts +1 -0
- package/lib/src/mappings/ScoutsuiteNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/ScoutsuiteNistMappingData.js.map +1 -1
- package/lib/src/mappings/ScoutsuiteNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.js +2 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.js.map +1 -1
- package/lib/src/msft-secure-score-mapper.d.ts +1 -0
- package/lib/src/msft-secure-score-mapper.d.ts.map +1 -0
- package/lib/src/msft-secure-score-mapper.js +202 -185
- package/lib/src/msft-secure-score-mapper.js.map +1 -1
- package/lib/src/nessus-mapper.d.ts +2 -1
- package/lib/src/nessus-mapper.d.ts.map +1 -0
- package/lib/src/nessus-mapper.js +122 -105
- package/lib/src/nessus-mapper.js.map +1 -1
- package/lib/src/netsparker-mapper.d.ts +7 -0
- package/lib/src/netsparker-mapper.d.ts.map +1 -0
- package/lib/src/netsparker-mapper.js +34 -9
- package/lib/src/netsparker-mapper.js.map +1 -1
- package/lib/src/neuvector-mapper.d.ts +1 -0
- package/lib/src/neuvector-mapper.d.ts.map +1 -0
- package/lib/src/neuvector-mapper.js +120 -117
- package/lib/src/neuvector-mapper.js.map +1 -1
- package/lib/src/nikto-mapper.d.ts +1 -0
- package/lib/src/nikto-mapper.d.ts.map +1 -0
- package/lib/src/nikto-mapper.js +85 -74
- package/lib/src/nikto-mapper.js.map +1 -1
- package/lib/src/prisma-mapper.d.ts +1 -0
- package/lib/src/prisma-mapper.d.ts.map +1 -0
- package/lib/src/prisma-mapper.js +138 -128
- package/lib/src/prisma-mapper.js.map +1 -1
- package/lib/src/sarif-mapper.d.ts +1 -0
- package/lib/src/sarif-mapper.d.ts.map +1 -0
- package/lib/src/sarif-mapper.js +116 -105
- package/lib/src/sarif-mapper.js.map +1 -1
- package/lib/src/scoutsuite-mapper.d.ts +1 -0
- package/lib/src/scoutsuite-mapper.d.ts.map +1 -0
- package/lib/src/scoutsuite-mapper.js +174 -163
- package/lib/src/scoutsuite-mapper.js.map +1 -1
- package/lib/src/snyk-mapper.d.ts +1 -0
- package/lib/src/snyk-mapper.d.ts.map +1 -0
- package/lib/src/snyk-mapper.js +112 -100
- package/lib/src/snyk-mapper.js.map +1 -1
- package/lib/src/sonarqube-mapper.d.ts +18 -5
- package/lib/src/sonarqube-mapper.d.ts.map +1 -0
- package/lib/src/sonarqube-mapper.js +525 -271
- package/lib/src/sonarqube-mapper.js.map +1 -1
- package/lib/src/splunk-mapper.d.ts +3 -2
- package/lib/src/splunk-mapper.d.ts.map +1 -0
- package/lib/src/splunk-mapper.js +69 -12
- package/lib/src/splunk-mapper.js.map +1 -1
- package/lib/src/trufflehog-mapper.d.ts +1 -0
- package/lib/src/trufflehog-mapper.d.ts.map +1 -0
- package/lib/src/trufflehog-mapper.js +72 -69
- package/lib/src/trufflehog-mapper.js.map +1 -1
- package/lib/src/twistlock-mapper.d.ts +1 -0
- package/lib/src/twistlock-mapper.d.ts.map +1 -0
- package/lib/src/twistlock-mapper.js +140 -126
- package/lib/src/twistlock-mapper.js.map +1 -1
- package/lib/src/utils/CCI_List.d.ts +1 -0
- package/lib/src/utils/CCI_List.d.ts.map +1 -0
- package/lib/src/utils/CCI_List.js.map +1 -1
- package/lib/src/utils/attestations.d.ts +1 -0
- package/lib/src/utils/attestations.d.ts.map +1 -0
- package/lib/src/utils/attestations.js +28 -13
- package/lib/src/utils/attestations.js.map +1 -1
- package/lib/src/utils/compliance.d.ts +1 -0
- package/lib/src/utils/compliance.d.ts.map +1 -0
- package/lib/src/utils/compliance.js +11 -3
- package/lib/src/utils/compliance.js.map +1 -1
- package/lib/src/utils/fingerprinting.d.ts +2 -0
- package/lib/src/utils/fingerprinting.d.ts.map +1 -0
- package/lib/src/utils/fingerprinting.js +28 -11
- package/lib/src/utils/fingerprinting.js.map +1 -1
- package/lib/src/utils/global.d.ts +3 -1
- package/lib/src/utils/global.d.ts.map +1 -0
- package/lib/src/utils/global.js +34 -15
- package/lib/src/utils/global.js.map +1 -1
- package/lib/src/utils/parseJson.d.ts +1 -0
- package/lib/src/utils/parseJson.d.ts.map +1 -0
- package/lib/src/utils/parseJson.js +7 -3
- package/lib/src/utils/parseJson.js.map +1 -1
- package/lib/src/utils/result.d.ts +1 -0
- package/lib/src/utils/result.d.ts.map +1 -0
- package/lib/src/utils/result.js.map +1 -1
- package/lib/src/utils/splunk-tools.d.ts +2 -1
- package/lib/src/utils/splunk-tools.d.ts.map +1 -0
- package/lib/src/utils/splunk-tools.js +52 -31
- package/lib/src/utils/splunk-tools.js.map +1 -1
- package/lib/src/veracode-mapper.d.ts +1 -0
- package/lib/src/veracode-mapper.d.ts.map +1 -0
- package/lib/src/veracode-mapper.js +50 -7
- package/lib/src/veracode-mapper.js.map +1 -1
- package/lib/src/xccdf-results-mapper.d.ts +7 -0
- package/lib/src/xccdf-results-mapper.d.ts.map +1 -0
- package/lib/src/xccdf-results-mapper.js +336 -301
- package/lib/src/xccdf-results-mapper.js.map +1 -1
- package/lib/src/zap-mapper.d.ts +8 -0
- package/lib/src/zap-mapper.d.ts.map +1 -0
- package/lib/src/zap-mapper.js +119 -90
- package/lib/src/zap-mapper.js.map +1 -1
- package/lib/tsconfig.build.tsbuildinfo +1 -0
- package/lib/types/neuvector-types.d.ts +1 -0
- package/lib/types/neuvector-types.d.ts.map +1 -0
- package/lib/types/neuvector-types.js +80 -0
- package/lib/types/neuvector-types.js.map +1 -1
- package/lib/types/splunk-config-types.d.ts +1 -0
- package/lib/types/splunk-config-types.d.ts.map +1 -0
- package/lib/types/splunk-config-types.js.map +1 -1
- package/lib/types/splunk-control-types.d.ts +1 -0
- package/lib/types/splunk-control-types.d.ts.map +1 -0
- package/lib/types/splunk-control-types.js.map +1 -1
- package/lib/types/splunk-profile-types.d.ts +1 -0
- package/lib/types/splunk-profile-types.d.ts.map +1 -0
- package/lib/types/splunk-profile-types.js.map +1 -1
- package/lib/types/splunk-report-types.d.ts +1 -0
- package/lib/types/splunk-report-types.d.ts.map +1 -0
- package/lib/types/splunk-report-types.js.map +1 -1
- package/package.json +19 -40
- package/lib/data/converters/csv2json.ts +0 -36
- package/lib/data/converters/xml2json.ts +0 -57
|
@@ -22,28 +22,36 @@ const IMPACT_MAPPING = new Map([
|
|
|
22
22
|
['none', 0.0],
|
|
23
23
|
['unknown', 0.5]
|
|
24
24
|
]);
|
|
25
|
+
// Convert object type to string[] and prepend `CWE` if used directly for tag display
|
|
25
26
|
function formatCWETags(input, addPrefix = true) {
|
|
26
27
|
return input && Array.isArray(input)
|
|
27
28
|
? input.map((cwe) => (addPrefix ? `CWE-${cwe}` : `${cwe}`))
|
|
28
29
|
: [];
|
|
29
30
|
}
|
|
31
|
+
// Convert gathered CWEs to corresponding NIST 800-53s
|
|
30
32
|
function getNISTTags(input) {
|
|
31
33
|
return CWE_NIST_MAPPING.nistFilter(formatCWETags(input, false), DEFAULT_NIST_TAG);
|
|
32
34
|
}
|
|
35
|
+
// A single SBOM vulnerability can contain multiple security ratings
|
|
36
|
+
// Find the max of any existing ratings and then pass to `impact`
|
|
33
37
|
function maxImpact(ratings) {
|
|
34
38
|
return ratings
|
|
35
39
|
.map((rating) => rating.score &&
|
|
36
40
|
rating.method &&
|
|
37
|
-
cvssMethods.includes(rating.method)
|
|
38
|
-
?
|
|
41
|
+
cvssMethods.includes(rating.method) // cast required since .includes expects the parameter to be a subtype
|
|
42
|
+
? // Prefer to use CVSS-based `score` field when possible
|
|
39
43
|
rating.score / 10
|
|
40
|
-
:
|
|
44
|
+
: // Else interpret it from `severity` field, defaulting to medium/0.5
|
|
41
45
|
(IMPACT_MAPPING.get(rating.severity?.toLowerCase() ?? '') ?? 0.5))
|
|
42
|
-
.reduce((maxValue, newValue) =>
|
|
46
|
+
.reduce((maxValue, newValue) =>
|
|
47
|
+
// Find max of existing ratings
|
|
48
|
+
maxValue > newValue ? maxValue : newValue, 0);
|
|
43
49
|
}
|
|
50
|
+
// If the highest rating severity for a control is `info` or `unknown`, set the results to skipped and request a manual review
|
|
44
51
|
function skipSeverityInfoOrUnknown(controls) {
|
|
45
52
|
if (controls) {
|
|
46
53
|
controls
|
|
54
|
+
// Filter to controls whose highest rating severity is either `info` or `unknown`
|
|
47
55
|
.filter((control) => {
|
|
48
56
|
const ratings = lodash_1.default.get(control, 'tags.ratings', '').split(/ - |, /);
|
|
49
57
|
return ((ratings.includes('info') || ratings.includes('unknown')) &&
|
|
@@ -53,6 +61,7 @@ function skipSeverityInfoOrUnknown(controls) {
|
|
|
53
61
|
ratings.includes('low') ||
|
|
54
62
|
ratings.includes('none')));
|
|
55
63
|
})
|
|
64
|
+
// For every result contained by that control, set the status to skipped and request a manual review
|
|
56
65
|
.map((control) => control.results.map((result) => {
|
|
57
66
|
result.status = inspecjs_1.ExecJSON.ControlResultStatus.Skipped;
|
|
58
67
|
result.skip_message =
|
|
@@ -62,6 +71,8 @@ function skipSeverityInfoOrUnknown(controls) {
|
|
|
62
71
|
return controls;
|
|
63
72
|
}
|
|
64
73
|
class CycloneDXSBOMResults {
|
|
74
|
+
data;
|
|
75
|
+
withRaw;
|
|
65
76
|
constructor(sbomJson, withRaw = false) {
|
|
66
77
|
this.data = {
|
|
67
78
|
components: [],
|
|
@@ -70,36 +81,78 @@ class CycloneDXSBOMResults {
|
|
|
70
81
|
};
|
|
71
82
|
this.withRaw = withRaw;
|
|
72
83
|
if (this.data.raw.components) {
|
|
84
|
+
// We know this is SBOM data
|
|
73
85
|
this.flattenComponents(this.data);
|
|
74
86
|
if (this.data.raw.vulnerabilities) {
|
|
87
|
+
// If this SBOM data has a vulnerabilities field, we can create an intermediary object
|
|
75
88
|
this.generateIntermediary(this.data);
|
|
76
89
|
}
|
|
77
90
|
}
|
|
78
91
|
else if (this.data.raw.vulnerabilities) {
|
|
92
|
+
// Back up in case we ingest VEX data instead
|
|
79
93
|
this.formatVEX(this.data);
|
|
80
94
|
}
|
|
81
95
|
else {
|
|
82
96
|
throw new Error('Unrecognized CycloneDX format detected. We currently only support SBOM and VEX formats.');
|
|
83
97
|
}
|
|
84
98
|
}
|
|
99
|
+
// Flatten any arbitrarily nested components list
|
|
85
100
|
flattenComponents(data) {
|
|
101
|
+
// Pull components from raw data
|
|
86
102
|
data.components = lodash_1.default.cloneDeep(data.raw.components);
|
|
103
|
+
// Look through every component at the top level of the list
|
|
87
104
|
for (const component of data.components) {
|
|
105
|
+
// Identify if subcomponents exist
|
|
88
106
|
if (component.components) {
|
|
107
|
+
// If so, pull out the subcomponents and push them to end of top level component list for further flattening
|
|
89
108
|
data.components.push(...component.components);
|
|
90
109
|
delete component.components;
|
|
91
110
|
}
|
|
92
111
|
}
|
|
93
112
|
}
|
|
113
|
+
/*
|
|
114
|
+
Copy the indices of all components that are affected by a vulnerability and place them under that corresponding vulnerability
|
|
115
|
+
Also note in each component the IDs of the vulnerabilities that affect them
|
|
116
|
+
This allows for bidirectional traversal in SBOM view
|
|
117
|
+
|
|
118
|
+
Should result in the following general structure:
|
|
119
|
+
{
|
|
120
|
+
components: [
|
|
121
|
+
component: {
|
|
122
|
+
affectingVulnerabilities: [ // Added field
|
|
123
|
+
vulnID,
|
|
124
|
+
...
|
|
125
|
+
],
|
|
126
|
+
...
|
|
127
|
+
},
|
|
128
|
+
...
|
|
129
|
+
],
|
|
130
|
+
vulnerabilities: [
|
|
131
|
+
vulnerability: {
|
|
132
|
+
affectedComponents: [ // Added field
|
|
133
|
+
componentIndex,
|
|
134
|
+
...
|
|
135
|
+
],
|
|
136
|
+
...
|
|
137
|
+
},
|
|
138
|
+
...
|
|
139
|
+
],
|
|
140
|
+
...
|
|
141
|
+
}
|
|
142
|
+
*/
|
|
94
143
|
generateIntermediary(data) {
|
|
144
|
+
// Pull vulnerabilities from raw data
|
|
95
145
|
data.vulnerabilities = lodash_1.default.cloneDeep(data.raw.vulnerabilities);
|
|
96
146
|
for (const vulnerability of data.vulnerabilities) {
|
|
97
147
|
vulnerability.affectedComponents = [];
|
|
98
148
|
vulnerability.affectedComponents.push(...Array.from(data.components.entries())
|
|
149
|
+
// Find every component that is affected via listed bom-refs
|
|
99
150
|
.filter(([_index, component]) => vulnerability.affects
|
|
100
151
|
?.map((id) => id.ref.toString())
|
|
101
152
|
.includes(component['bom-ref']))
|
|
153
|
+
// Add the index of that affected component to the corresponding vulnerability object
|
|
102
154
|
.map(([index, _component]) => index));
|
|
155
|
+
// Also record the ID of the vulnerability in the component for use in bidirectional traversal
|
|
103
156
|
for (const index of vulnerability.affectedComponents) {
|
|
104
157
|
if (!data.components[index].affectingVulnerabilities) {
|
|
105
158
|
data.components[index].affectingVulnerabilities = [];
|
|
@@ -108,19 +161,25 @@ class CycloneDXSBOMResults {
|
|
|
108
161
|
}
|
|
109
162
|
}
|
|
110
163
|
}
|
|
164
|
+
// VEX by default has no component info, resulting in profile errors when parsing the vulnerabilities for OHDF
|
|
165
|
+
// Fix that by adding a temporary result that refers the vulnerability back to its associated BOM
|
|
111
166
|
formatVEX(data) {
|
|
167
|
+
// Pull vulnerabilities from raw data
|
|
112
168
|
data.vulnerabilities = [
|
|
113
169
|
...lodash_1.default.cloneDeep(data.raw.vulnerabilities)
|
|
114
170
|
];
|
|
115
171
|
for (const vulnerability of data.vulnerabilities) {
|
|
116
172
|
vulnerability.affectedComponents = vulnerability.affects?.map((id) => {
|
|
173
|
+
// Build a dummy component for each bom-ref identified as being affected by the vulnerability
|
|
117
174
|
const dummy = {
|
|
118
175
|
name: `${id.ref}`,
|
|
119
176
|
'bom-ref': `${id.ref}`,
|
|
120
177
|
isDummy: true,
|
|
121
|
-
type: 'application'
|
|
178
|
+
type: 'application' // a type must be provided, and "application" is the default classification
|
|
122
179
|
};
|
|
180
|
+
// Add that component to the corresponding vulnerability object
|
|
123
181
|
data.components.push(dummy);
|
|
182
|
+
// Return the index of that dummy object
|
|
124
183
|
return data.components.length - 1;
|
|
125
184
|
});
|
|
126
185
|
}
|
|
@@ -131,317 +190,332 @@ class CycloneDXSBOMResults {
|
|
|
131
190
|
}
|
|
132
191
|
exports.CycloneDXSBOMResults = CycloneDXSBOMResults;
|
|
133
192
|
class CycloneDXSBOMMapper extends base_converter_1.BaseConverter {
|
|
193
|
+
withRaw;
|
|
194
|
+
// Pull any keys from a given index for the stored components listing
|
|
134
195
|
getComponentValueAtIndex(index, keys) {
|
|
135
196
|
return lodash_1.default.pick(this.data.components[index], keys);
|
|
136
197
|
}
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
const group = input.group ? `${input.group}/` : '';
|
|
159
|
-
return `${group}${input.name} CycloneDX BOM Report`;
|
|
160
|
-
}
|
|
161
|
-
else {
|
|
162
|
-
return 'CycloneDX BOM Report';
|
|
163
|
-
}
|
|
198
|
+
mappings = {
|
|
199
|
+
platform: {
|
|
200
|
+
name: 'Heimdall Tools',
|
|
201
|
+
release: package_json_1.version
|
|
202
|
+
},
|
|
203
|
+
version: package_json_1.version,
|
|
204
|
+
statistics: {},
|
|
205
|
+
profiles: [
|
|
206
|
+
{
|
|
207
|
+
name: {
|
|
208
|
+
path: 'raw.metadata.component',
|
|
209
|
+
transformer: (input) => lodash_1.default.has(input, 'bom-ref')
|
|
210
|
+
? `CycloneDX BOM Report: ${input.type}/${input['bom-ref']}`
|
|
211
|
+
: 'CycloneDX BOM Report'
|
|
212
|
+
},
|
|
213
|
+
title: {
|
|
214
|
+
path: 'raw.metadata.component',
|
|
215
|
+
transformer: (input) => {
|
|
216
|
+
if (input.name) {
|
|
217
|
+
const group = input.group ? `${input.group}/` : '';
|
|
218
|
+
return `${group}${input.name} CycloneDX BOM Report`;
|
|
164
219
|
}
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
path: 'raw.metadata.component.version',
|
|
168
|
-
transformer: global_1.filterString
|
|
169
|
-
},
|
|
170
|
-
maintainer: {
|
|
171
|
-
path: 'raw.metadata.component',
|
|
172
|
-
transformer: (input) => {
|
|
173
|
-
const manufacturer = lodash_1.default.has(input, 'manufacturer')
|
|
174
|
-
? ` (${input.manufacturer.name})`
|
|
175
|
-
: '';
|
|
176
|
-
if (lodash_1.default.has(input, 'authors')) {
|
|
177
|
-
return input.authors
|
|
178
|
-
.map((author) => `${author.name}${manufacturer}`)
|
|
179
|
-
.join(', ');
|
|
180
|
-
}
|
|
181
|
-
else if (input.author) {
|
|
182
|
-
return `${input.author}${manufacturer}`;
|
|
183
|
-
}
|
|
184
|
-
else {
|
|
185
|
-
return undefined;
|
|
186
|
-
}
|
|
220
|
+
else {
|
|
221
|
+
return 'CycloneDX BOM Report';
|
|
187
222
|
}
|
|
188
|
-
}
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
: license?.license?.id)
|
|
207
|
-
.filter((identifier) => identifier)
|
|
223
|
+
}
|
|
224
|
+
},
|
|
225
|
+
version: {
|
|
226
|
+
path: 'raw.metadata.component.version',
|
|
227
|
+
transformer: global_1.filterString
|
|
228
|
+
},
|
|
229
|
+
maintainer: {
|
|
230
|
+
path: 'raw.metadata.component',
|
|
231
|
+
transformer: (input) => {
|
|
232
|
+
// Find organization of authors if possible
|
|
233
|
+
const manufacturer = lodash_1.default.has(input, 'manufacturer')
|
|
234
|
+
? ` (${input.manufacturer.name})`
|
|
235
|
+
: '';
|
|
236
|
+
// Check through every single possible field which may hold ownership over this component
|
|
237
|
+
if (lodash_1.default.has(input, 'authors')) {
|
|
238
|
+
// Join list of component authors
|
|
239
|
+
return input.authors
|
|
240
|
+
.map((author) => `${author.name}${manufacturer}`)
|
|
208
241
|
.join(', ');
|
|
209
242
|
}
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
.join(', ');
|
|
282
|
-
}
|
|
283
|
-
return [
|
|
284
|
-
...(input.components?.map((component) => component.name) ??
|
|
285
|
-
[]),
|
|
286
|
-
...(input.services?.map((component) => component.name) ??
|
|
287
|
-
[])
|
|
288
|
-
].join(', ');
|
|
289
|
-
}
|
|
290
|
-
},
|
|
291
|
-
'analysis.state': {
|
|
292
|
-
path: 'analysis.state',
|
|
293
|
-
transformer: global_1.filterString
|
|
294
|
-
},
|
|
295
|
-
'analysis.justification': {
|
|
296
|
-
path: 'analysis.justification',
|
|
297
|
-
transformer: global_1.filterString
|
|
298
|
-
},
|
|
299
|
-
'analysis.response': {
|
|
300
|
-
path: 'analysis.response',
|
|
301
|
-
transformer: (input) => input && input.length > 0 ? input.join(', ') : undefined
|
|
302
|
-
},
|
|
303
|
-
'analysis.detail': {
|
|
304
|
-
path: 'analysis.detail',
|
|
305
|
-
transformer: global_1.filterString
|
|
306
|
-
},
|
|
307
|
-
'analysis.firstIssued': {
|
|
308
|
-
path: 'analysis.firstIssued',
|
|
309
|
-
transformer: global_1.filterString
|
|
310
|
-
},
|
|
311
|
-
'analysis.lastUpdated': {
|
|
312
|
-
path: 'analysis.lastUpdated',
|
|
313
|
-
transformer: global_1.filterString
|
|
314
|
-
}
|
|
243
|
+
else if (input.author) {
|
|
244
|
+
// `author` is deprecated in v1.6 but may still appear
|
|
245
|
+
return `${input.author}${manufacturer}`;
|
|
246
|
+
}
|
|
247
|
+
else {
|
|
248
|
+
return undefined;
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
},
|
|
252
|
+
summary: {
|
|
253
|
+
path: 'raw.metadata.component.description',
|
|
254
|
+
transformer: global_1.filterString
|
|
255
|
+
},
|
|
256
|
+
copyright: {
|
|
257
|
+
path: 'raw.metadata.component.copyright',
|
|
258
|
+
transformer: global_1.filterString
|
|
259
|
+
},
|
|
260
|
+
license: {
|
|
261
|
+
path: 'raw.metadata.component',
|
|
262
|
+
transformer: (input) => {
|
|
263
|
+
if (!input.licenses) {
|
|
264
|
+
return undefined;
|
|
265
|
+
}
|
|
266
|
+
// Certain license reports only provide the license name in the `name` field
|
|
267
|
+
// Check there first and then default to `id`
|
|
268
|
+
return input.licenses
|
|
269
|
+
?.map((license) => license?.license?.name
|
|
270
|
+
? license.license.name
|
|
271
|
+
: license?.license?.id)
|
|
272
|
+
.filter((identifier) => identifier)
|
|
273
|
+
.join(', ');
|
|
274
|
+
}
|
|
275
|
+
},
|
|
276
|
+
supports: [],
|
|
277
|
+
attributes: [],
|
|
278
|
+
groups: [],
|
|
279
|
+
status: 'loaded',
|
|
280
|
+
controls: [
|
|
281
|
+
{
|
|
282
|
+
path: 'vulnerabilities',
|
|
283
|
+
key: 'id',
|
|
284
|
+
tags: {
|
|
285
|
+
nist: {
|
|
286
|
+
path: 'cwes',
|
|
287
|
+
transformer: getNISTTags
|
|
288
|
+
},
|
|
289
|
+
cci: {
|
|
290
|
+
path: 'cwes',
|
|
291
|
+
transformer: (input) => (0, global_1.getCCIsForNISTTags)(getNISTTags(input))
|
|
292
|
+
},
|
|
293
|
+
cwe: { path: 'cwes', transformer: formatCWETags },
|
|
294
|
+
'bom-ref': {
|
|
295
|
+
path: 'bom-ref',
|
|
296
|
+
transformer: global_1.filterString
|
|
297
|
+
},
|
|
298
|
+
ratings: {
|
|
299
|
+
path: 'ratings',
|
|
300
|
+
transformer: (input) => input
|
|
301
|
+
? [...input]
|
|
302
|
+
.map((rating) => {
|
|
303
|
+
const ratingSource = rating.source?.name
|
|
304
|
+
? `${rating.source?.name} - `
|
|
305
|
+
: 'Unidentified Source - ';
|
|
306
|
+
return `${ratingSource}${rating.severity}`;
|
|
307
|
+
})
|
|
308
|
+
.join(', ')
|
|
309
|
+
: undefined
|
|
310
|
+
},
|
|
311
|
+
created: {
|
|
312
|
+
path: 'created',
|
|
313
|
+
transformer: global_1.filterString
|
|
315
314
|
},
|
|
316
|
-
|
|
315
|
+
published: {
|
|
316
|
+
path: 'published',
|
|
317
|
+
transformer: global_1.filterString
|
|
318
|
+
},
|
|
319
|
+
updated: {
|
|
320
|
+
path: 'updated',
|
|
321
|
+
transformer: global_1.filterString
|
|
322
|
+
},
|
|
323
|
+
// Workflow items will not affect `impact`
|
|
324
|
+
rejected: {
|
|
325
|
+
path: 'rejected',
|
|
326
|
+
transformer: global_1.filterString
|
|
327
|
+
},
|
|
328
|
+
credits: {
|
|
329
|
+
path: 'credits',
|
|
330
|
+
transformer: (input) => input
|
|
331
|
+
? `${input.individuals
|
|
332
|
+
?.map((individual) => individual.name)
|
|
333
|
+
.filter((name) => name)
|
|
334
|
+
.join(', ')}`
|
|
335
|
+
: undefined
|
|
336
|
+
},
|
|
337
|
+
tools: {
|
|
338
|
+
path: 'tools',
|
|
317
339
|
transformer: (input) => {
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
340
|
+
if (!input) {
|
|
341
|
+
return undefined;
|
|
342
|
+
}
|
|
343
|
+
if (Array.isArray(input)) {
|
|
344
|
+
return input
|
|
345
|
+
.map((tool) => tool.name)
|
|
346
|
+
.filter((name) => name)
|
|
347
|
+
.join(', ');
|
|
348
|
+
}
|
|
324
349
|
return [
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
: undefined,
|
|
331
|
-
lodash_1.default.has(input, 'proofOfConcept')
|
|
332
|
-
? {
|
|
333
|
-
data: `Proof of concept: ${JSON.stringify(lodash_1.default.get(input, 'proofOfConcept'), null, 2)}`,
|
|
334
|
-
label: 'check'
|
|
335
|
-
}
|
|
336
|
-
: undefined
|
|
337
|
-
].filter((subdescription) => subdescription);
|
|
350
|
+
...(input.components?.map((component) => component.name) ??
|
|
351
|
+
[]),
|
|
352
|
+
...(input.services?.map((component) => component.name) ??
|
|
353
|
+
[])
|
|
354
|
+
].join(', ');
|
|
338
355
|
}
|
|
339
356
|
},
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
const ref = searchFor
|
|
345
|
-
.filter((key) => input.hasOwnProperty(key))
|
|
346
|
-
.map((key) => lodash_1.default.pick(input, key));
|
|
347
|
-
return { ref: ref };
|
|
348
|
-
}
|
|
349
|
-
}
|
|
350
|
-
],
|
|
351
|
-
source_location: {},
|
|
352
|
-
title: {
|
|
353
|
-
transformer: (input) => input.description ? `${input.description}` : `${input.id}`
|
|
357
|
+
// Workflow items will not affect `impact`
|
|
358
|
+
'analysis.state': {
|
|
359
|
+
path: 'analysis.state',
|
|
360
|
+
transformer: global_1.filterString
|
|
354
361
|
},
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
transformer:
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
return (0, global_1.filterString)(`${description}\n\n${detail}`.trim());
|
|
363
|
-
}
|
|
362
|
+
'analysis.justification': {
|
|
363
|
+
path: 'analysis.justification',
|
|
364
|
+
transformer: global_1.filterString
|
|
365
|
+
},
|
|
366
|
+
'analysis.response': {
|
|
367
|
+
path: 'analysis.response',
|
|
368
|
+
transformer: (input) => input && input.length > 0 ? input.join(', ') : undefined
|
|
364
369
|
},
|
|
365
|
-
|
|
366
|
-
|
|
370
|
+
'analysis.detail': {
|
|
371
|
+
path: 'analysis.detail',
|
|
372
|
+
transformer: global_1.filterString
|
|
367
373
|
},
|
|
368
|
-
|
|
369
|
-
|
|
374
|
+
'analysis.firstIssued': {
|
|
375
|
+
path: 'analysis.firstIssued',
|
|
376
|
+
transformer: global_1.filterString
|
|
370
377
|
},
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
378
|
+
'analysis.lastUpdated': {
|
|
379
|
+
path: 'analysis.lastUpdated',
|
|
380
|
+
transformer: global_1.filterString
|
|
381
|
+
}
|
|
382
|
+
},
|
|
383
|
+
descriptions: {
|
|
384
|
+
transformer: (input) => {
|
|
385
|
+
const recommendation = input.recommendation
|
|
386
|
+
? `Recommendation: ${input.recommendation}`
|
|
387
|
+
: '';
|
|
388
|
+
// Workaround not defined by types? Use lodash for now until proper type is implemented
|
|
389
|
+
const workaround = lodash_1.default.has(input, 'workaround')
|
|
390
|
+
? `Workaround: ${input.workaround}`
|
|
391
|
+
: '';
|
|
392
|
+
return [
|
|
393
|
+
recommendation || workaround
|
|
394
|
+
? {
|
|
395
|
+
data: `${recommendation}\n\n${workaround}`.trim(),
|
|
396
|
+
label: 'fix'
|
|
386
397
|
}
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
'mime-type',
|
|
393
|
-
'bom-ref',
|
|
394
|
-
'supplier',
|
|
395
|
-
'manufacturer',
|
|
396
|
-
'authors',
|
|
397
|
-
'author',
|
|
398
|
-
'publisher',
|
|
399
|
-
'group',
|
|
400
|
-
'name',
|
|
401
|
-
'version',
|
|
402
|
-
'description',
|
|
403
|
-
'licenses',
|
|
404
|
-
'copyright'
|
|
405
|
-
]);
|
|
406
|
-
const msg = Object.keys(selectComponentValues)
|
|
407
|
-
.map((key) => {
|
|
408
|
-
return Array.isArray(selectComponentValues[key])
|
|
409
|
-
? `\n\n- ${lodash_1.default.capitalize(key)}: ${JSON.stringify(selectComponentValues[key], null, 2)}`
|
|
410
|
-
: `\n\n- ${lodash_1.default.capitalize(key)}: ${selectComponentValues[key]}`;
|
|
411
|
-
})
|
|
412
|
-
.join('');
|
|
413
|
-
return `-Component Summary-${msg}`;
|
|
398
|
+
: undefined,
|
|
399
|
+
lodash_1.default.has(input, 'proofOfConcept')
|
|
400
|
+
? {
|
|
401
|
+
data: `Proof of concept: ${JSON.stringify(lodash_1.default.get(input, 'proofOfConcept'), null, 2)}`,
|
|
402
|
+
label: 'check'
|
|
414
403
|
}
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
],
|
|
421
|
-
sha256: ''
|
|
422
|
-
}
|
|
423
|
-
],
|
|
424
|
-
passthrough: {
|
|
425
|
-
transformer: (input) => {
|
|
426
|
-
const components = input.components.filter((component) => !component.isDummy);
|
|
427
|
-
return {
|
|
428
|
-
auxiliary_data: [
|
|
404
|
+
: undefined
|
|
405
|
+
].filter((subdescription) => subdescription);
|
|
406
|
+
}
|
|
407
|
+
},
|
|
408
|
+
refs: [
|
|
429
409
|
{
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
])
|
|
410
|
+
transformer: (input) => {
|
|
411
|
+
const searchFor = ['source', 'references', 'advisories'];
|
|
412
|
+
const ref = searchFor
|
|
413
|
+
.filter((key) => input.hasOwnProperty(key))
|
|
414
|
+
.map((key) => lodash_1.default.pick(input, key));
|
|
415
|
+
return { ref: ref };
|
|
416
|
+
}
|
|
438
417
|
}
|
|
439
418
|
],
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
419
|
+
source_location: {},
|
|
420
|
+
title: {
|
|
421
|
+
// Give description as title if possible
|
|
422
|
+
transformer: (input) => input.description ? `${input.description}` : `${input.id}`
|
|
423
|
+
},
|
|
424
|
+
id: { path: 'id' },
|
|
425
|
+
desc: {
|
|
426
|
+
transformer: (input) => {
|
|
427
|
+
const description = input.description
|
|
428
|
+
? `Description: ${input.description}`
|
|
429
|
+
: '';
|
|
430
|
+
const detail = input.detail ? `Detail: ${input.detail}` : '';
|
|
431
|
+
return (0, global_1.filterString)(`${description}\n\n${detail}`.trim());
|
|
432
|
+
}
|
|
433
|
+
},
|
|
434
|
+
impact: {
|
|
435
|
+
transformer: (input) => maxImpact(input.ratings ?? [])
|
|
436
|
+
},
|
|
437
|
+
code: {
|
|
438
|
+
transformer: (vulnerability) => JSON.stringify(lodash_1.default.omit(vulnerability, 'affectedComponents'), null, 2)
|
|
439
|
+
},
|
|
440
|
+
arrayTransformer: skipSeverityInfoOrUnknown,
|
|
441
|
+
results: [
|
|
442
|
+
{
|
|
443
|
+
path: 'affectedComponents',
|
|
444
|
+
status: inspecjs_1.ExecJSON.ControlResultStatus.Failed,
|
|
445
|
+
code_desc: {
|
|
446
|
+
transformer: (index) => {
|
|
447
|
+
const selectComponentValues = this.getComponentValueAtIndex(index, ['group', 'version', 'name']);
|
|
448
|
+
const group = lodash_1.default.has(selectComponentValues, 'group')
|
|
449
|
+
? `${selectComponentValues.group}/`
|
|
450
|
+
: '';
|
|
451
|
+
const version = lodash_1.default.has(selectComponentValues, 'version')
|
|
452
|
+
? `@${selectComponentValues.version}`
|
|
453
|
+
: '';
|
|
454
|
+
return `Component ${group}${lodash_1.default.get(selectComponentValues, 'name')}${version} is vulnerable`;
|
|
455
|
+
}
|
|
456
|
+
},
|
|
457
|
+
message: {
|
|
458
|
+
transformer: (index) => {
|
|
459
|
+
// Selectively pick out fields to display; full components are listed in full component structure
|
|
460
|
+
const selectComponentValues = this.getComponentValueAtIndex(index, [
|
|
461
|
+
'type',
|
|
462
|
+
'mime-type',
|
|
463
|
+
'bom-ref',
|
|
464
|
+
'supplier',
|
|
465
|
+
'manufacturer',
|
|
466
|
+
'authors', // Replaces `author` in v1.6
|
|
467
|
+
'author', // Deprecated in v1.6
|
|
468
|
+
'publisher',
|
|
469
|
+
'group',
|
|
470
|
+
'name',
|
|
471
|
+
'version',
|
|
472
|
+
'description',
|
|
473
|
+
'licenses',
|
|
474
|
+
'copyright'
|
|
475
|
+
]);
|
|
476
|
+
const msg = Object.keys(selectComponentValues)
|
|
477
|
+
.map((key) => {
|
|
478
|
+
return Array.isArray(selectComponentValues[key])
|
|
479
|
+
? `\n\n- ${lodash_1.default.capitalize(key)}: ${JSON.stringify(selectComponentValues[key], null, 2)}`
|
|
480
|
+
: `\n\n- ${lodash_1.default.capitalize(key)}: ${selectComponentValues[key]}`;
|
|
481
|
+
})
|
|
482
|
+
.join('');
|
|
483
|
+
return `-Component Summary-${msg}`;
|
|
484
|
+
}
|
|
485
|
+
},
|
|
486
|
+
start_time: ''
|
|
487
|
+
}
|
|
488
|
+
]
|
|
489
|
+
}
|
|
490
|
+
],
|
|
491
|
+
sha256: ''
|
|
443
492
|
}
|
|
444
|
-
|
|
493
|
+
],
|
|
494
|
+
passthrough: {
|
|
495
|
+
transformer: (input) => {
|
|
496
|
+
// VEX files will generate dummy components for control results
|
|
497
|
+
// Filter them out for the proper components listing
|
|
498
|
+
const components = input.components.filter((component) => !component.isDummy);
|
|
499
|
+
return {
|
|
500
|
+
auxiliary_data: [
|
|
501
|
+
{
|
|
502
|
+
name: 'SBOM',
|
|
503
|
+
components: components.length ? components : undefined,
|
|
504
|
+
dependencies: lodash_1.default.get(input, 'raw.dependencies'),
|
|
505
|
+
data: lodash_1.default.omit(input.raw, [
|
|
506
|
+
'components',
|
|
507
|
+
'vulnerabilities',
|
|
508
|
+
'dependencies'
|
|
509
|
+
])
|
|
510
|
+
}
|
|
511
|
+
],
|
|
512
|
+
...(this.withRaw && { raw: input.raw })
|
|
513
|
+
};
|
|
514
|
+
}
|
|
515
|
+
}
|
|
516
|
+
};
|
|
517
|
+
constructor(exportJson, withRaw = false) {
|
|
518
|
+
super(exportJson, true);
|
|
445
519
|
this.withRaw = withRaw;
|
|
446
520
|
}
|
|
447
521
|
}
|